Thursday, 21 June 2012
Integration of crisis and risk management tops agenda at Amrae conference
The importance of efficient communication during crises was highlighted by leading French risk managers during a conference on the integration of risk functions in Paris attended by Commercial Risk Europe yesterday.
Gilbert Canameras, President of Amrae
The conference also focused on the extent to which functions such as risk management and internal audit can be integrated without compromising their ability to work independently.
One of the main themes of the event that was organised by Amrae and daily financial Les Echos, was how companies should react when facing a crisis, with emphasis on communication with stakeholders.
Sophie Mauvieux, Head of Risks and Insurance at Gemalto, a digital security group, pointed out that the way a company manages a crisis reflects its internal risk management structure. Communication is the visible part of crisis management, she said. Careless reactions can cause long-term damage to a firm's brand and affect its results.
To illustrate the point, Eric Maillard, the General Director of PR agency Ogilvy in France, recalled cases where firms clearly failed to make their point.
For example, he pointed out that the company that owns the Costa Concordia cruiser, which capsized in January, took several months after event to make public new risk management policies that would help prevent such a catastrophe reoccurring.
Pre crisis planning is crucial, the experts agreed.
Ms Mauvieux’s company faced a serious crisis when smart cards issued by German banks and made by Gemalto were affected by a bug and stopped working on the first day of 2010.
In a mere three days, she said, the episode had become a fully-fledged news story on German TV and newspapers. But the fact that Gemalto had a detailed crisis management procedure in place allowed the firm to act immediately after clients started reporting the problems, explained Ms Mavieux.
The plan included the mobilisation of emergency action groups at the company's French headquarters and German unit, as well as the prompt deployment of external experts in areas such as IT, legal and communications.
Top managers assumed the role of spokespersons and were urged to be as transparent as possible, being careful, however, not to increase the potential legal liabilities of the firm.
As a result, as soon as the incident hit the media, Gemalto and the banks were able to provide explanations as to why the cards were not working and the steps they were taking to remedy the situation. The strategy worked and the damage was contained.
Ms Mauvieux explained that her company invests in training employees who will be deployed when a crisis hits. The priority is to make sure that several key personnel know the drill, and even those employees that are not directly part of the crisis response plan.
Philippe Cadé, the Group Audit Lead Auditor and Head of Industrial Risk Management at Air Liquide, a pharmaceutical firm, supports thorough engagement of workers in crisis management plans.
He emphasised the inherent commitment of workers in cases where a failure to deliver a product could have serious consequences for third parties.
“The thing that has amazed me in all the activities I've done in the company is the commitment of employees towards guaranteeing that supplies are not interrupted,” he said, referring to continuity plans for the delivery of oxygen to hospitals.
The company has precise business continuity plans in place to guarantee that oxygen supplies reach patients that would be unable to survive without the gas.
They include logistical and operational standards, but also deal with political negotiation with national and local authorities because sometimes security forces need to be employed to guarantee the transportation of goods.
The plan also relies on simple ideas such as the use of fax machines to ensure that if a digital blackout affects units they will be able to send documents to each other via telephone technology.
Another issued discussed at the conference was the trend, much vaunted by consultants, to integrate different risk activities that often work in silos.
Laurent Arnaudo, a Senior Vice-president of Audit at Sodexho and a Vice-President of IFACI, France's internal audit association, said that he believes that risk functions need to work more closely together.
But he expressed some scepticism about the rush to integrate them in the name of performance. “In the reality of companies, it is hard to move from compliance to performance,” he said.
Mr Arnaudo also said that internal auditors and risk managers perform different tasks, sometimes keeping each other accountable. If they are brought under the same umbrella they could lose their ability to work independently, he warned.
Gilbert Canameras, President of AMRAE, noted that the integration of risk activities is a matter of pragmatism for mid-sized companies, as they do not have the means to keep dedicated departments for every function.